While most former FCC Chairmen tend to take a step away for a little bit after they depart the Commission, former Chair Tom Wheeler is far from traditional.  Generally, I have ignored the former Chairman’s musings, despite their inaccuracies and overall misguided perspective.  In recent weeks, however, Wheeler has pontificated about the current Commission’s lack of action on the issue of Internet network security.  At the risk of engaging, I find it necessary to call out the gibberish in his recent writings.  In essence, Wheeler’s views reaffirm that he is unwilling to read the law and follow basic principles of statutory construction.

In complete fairness, Wheeler is correct to state that I firmly believe that current law provides the Commission with little authority over Internet security.  He’s right when he recently wrote that “Commissioner O’Reilly (sic) described the FCC’s cyber authority as ‘extremely limited.’”  I have written about, given speeches, testified before Congress, and spoken publicly on that exact point.  Instead, Wheeler takes issue with my and others analysis of the law.  Therefore, the debate is focused on a straight interpretation of the statute, not whether the Commission should have such authority or what it could do if it had such power.  While he dabbles with other arguments, Wheeler’s central case centers on Section 1 of the Communications Act of 1934 as providing some universal authority over all communications activity, especially cybersecurity.  To be clear, he doesn’t even seem to imply that Section 1 is ancillary authority, but rather direct authority delegated by Congress.  For those unfamiliar, the text of Section 1 is as follows:

For the purpose of regulating interstate and foreign commerce in communication by wire and radio so as to make available, so far as possible, to all the people of the United States, without discrimination on the basis of race, color, religion, national origin, or sex, a rapid, efficient, Nation-wide, and world-wide wire and radio communication service with adequate facilities at reasonable charges, for the purpose of the national defense, for the purpose of promoting safety of life and property through the use of wire and radio communications, and for the purpose of securing a more effective execution of this policy by centralizing authority heretofore granted by law to several agencies and by granting additional authority with respect to interstate and foreign commerce in wire and radio communication, there is created a commission to be known as the “Federal Communications Commission”, which shall be constituted as hereinafter provided, and which shall execute and enforce the provisions of this chapter.

Specifically, Wheeler uses the language “for the purpose of the national defense, for the purpose of promoting safety of life and property through the use of wire and radio communications,…” to suggest that the Commission has direct authority over cybersecurity/Internet networks and whatever else is related.  In particular, he argues, “That mandate to deal with threats to national defense and public safety surely encompasses the current cyber threats to national and individual security.”

There are a multitude of problems with this reading, including:

  • Massive Scope Interpretation — If Section 1 is as expansive as the former Chairman suggests, then it effectively means the Commission’s scope of authority over “communication by wire or radio” is without bounds. Electronic securities transactions?  Autonomous vehicle information? Fake tweets or Facebook postings intended to influence an election?  In fact, it is hard to fathom any communications activity — including every aspect of the Internet, thus all Internet application providers and routing systems — that wouldn’t be subject to the Commission’s reaches under the guise of national defense and/or promoting safety of life and property.  Yet, even Wheeler acknowledged in the past that the Commission doesn’t oversee so-called edge providers.  Was he wrong then or now? 
  • No Independent Authority — The plain reading of Section 1 clearly shows that the relevant beginning serves as a preamble to justify the creation of the FCC.  It’s title – “Purposes of Chapter” helps demonstrate that the section explains why the Commission was created.  It sets the stage for Congress moving away from the Federal Radio Commission and to the “modern” Commission.  In fact, almost everyone else remotely involved in communications policy has acknowledged Section 1 as a policy statement, not actual authority. As such, the section does not provide the Commission with independent authority to do anything. Just think about the ramifications if it did.Why have fights over the reach of Section 201 or Title VI, for instance, if Section 1 provides unlimited authority to do everything imaginable?Why would there ever be a discussion over the ancillary authority of Section 4(i) if Section 1 is supreme authority?A Wheeler-interpreted Section 1 would be omnipotent and eviscerate the need for any of the remaining provisions, which is not what Congress ever intended, and not how courts construe statutes.[1]
  • Rejection by the Court — You don’t have to take my word for it that these assertions are baseless.  In Comcast v FCC (2010), the D.C. Circuit Court of Appeals completely undermines Wheeler’s contention, by accepting the Commission’s admission that Section 1 is a policy statement and then ruling, “Policy statements are just that — statements of policy.  They are not delegations of regulatory authority.”[2]  And, even if Wheeler tried to take the ancillary route, the court shot that down as well by finding, “the Commission cites neither section 230(b) nor [s]ection 1 to shed light on any express statutory delegation of authority found in Title II, III, VI, or, for that matter, anywhere else.”[3]  Thus, Wheeler would have had to cite a statutory provision in which Section 1 would be ancillary, which doesn’t exist to achieve his policy goal.  In terms of any “mandate” to act, the same court — just four months ago — rejected Wheeler’s Section 1 view that there is some mandate to take action.Specifically, in MMTC v FCC, the court declared that “Section 1 by its terms does not impose an affirmative obligation on the FCC to take any particular action.”[4] 
  • ​​​​​​The Homeland Security Department’s Job — Cybersecurity is certainly and rightly a policy area that requires a significant amount of attention.  Accordingly, it seems that everyone wants to be involved.  The Senate Homeland Security and Governmental Affairs Committee held a hearing on this very topic last year, finding that duplicative cyber regulations imposed by various federal agencies have taken industry’s attention away from securing their networks and towards a compliance, check-the-box regime.[5]  That is why Congress assigned responsibility over these issues to the Department of Homeland Security.  It is detrimental for any agency or department to try to wedge itself into an area overseen by another.  To argue that the Commission try to stretch its authority beyond what Congress asked of it and interfere where its assistance hasn’t been requested is outrageous.  Throwing more governmental agencies at a problem is not a solution to a perplexing policy matter.  Moreover, if Wheeler thinks that the Homeland Security Department is not doing its job, he should take that up with Congress, instead of trying to drag the FCC into the issue.

*             *             *

I’ll go about fulfilling my obligations at the Commission under the limits and boundaries that Congress established, even if that means missing out on the chance to get our mittens in the middle of cybersecurity.  However, if Congress passes a statute providing the Commission with authority over this issue, I will fully implement any new authority given the Commission.

 

[1] See, e.g., Astoria Federal Savings & Loan Ass’n v. Solimino, 501 U.S. 104, 112 (1991) (stating that statutes should be construed “so as to avoid rendering superfluous” any statutory language); United States v. Menasche, 348 U.S. 528, 538–539 (1955).

[2] Comcast Corp. v. FCC, 600 F.3d 642, 654 (D.C. Cir.2010)See also Verizon v. FCC, 740 F.3d 623, 632 (D.C. Cir. 2014) (reiterating that Section 1 and other provisions “set[] forth congressional policy, [but] delegated no actual regulatory authority.”).  Moreover, if Congress intended the FCC to exercise such vast authority it would have “spoken far more clearly than it has done in [a] general statement of policy.” (Multicultural Media, Telecom & Internet Council v. FCC, 873 F.3d 932, 936 (D.C. Cir. 2017) (citing FDA v. Brown & Williamson Tobacco Corp., 529 U.S. 120 (2000)).

[3] Comcast Corp. v. FCC, 600 F.3d at 654. See also Verizon v. FCC, 740 at 632 (confirming that “permitting the agency to ground its exercise of ancillary jurisdiction in policy statements alone would contravene the ‘‘axiomatic’ principle that ‘administrative agencies may [act] only pursuant to authority delegated to them by Congress.’” (quoting Comcast Corp. v. FCC, 600 F.3d at 654 and American Library Ass'n v. FCC, 406 F.3d 689, 691 (D.C. Cir. 2005)).

[4] Multicultural Media, Telecom & Internet Council v. FCC, 873 F.3d at 936.

[5] U.S. Senate Homeland Security and Governmental Affairs Committee,

“Cybersecurity Regulation Harmonization” (June 21, 2017), https://www.hsgac.senate.gov/hearings/cybersecurity-regulation-harmoniz….